web application security lab

Facebook Patents Social Feeds and I Patent XSS

In honor of the USPTO’s decision to allow Facebook’s patent for social feeds, I decided to patent XSS. Please pay up. You know who you are. Thank you.

  1. Daniel Says:

    IOU a % of my gross income for the rest of my career?…


  2. A Says:

    alert("best of luck")

  3. Dr.Obvious Says:

    I patent the facepalm. ./facepalm
    Works great!

  4. Wyatt Says:

    Were you just sitting on that vulnerability waiting for the right time to make a zing?

  5. Dan Weber Says:

    Well, someone must be paying attention, because it looks like they fixed the problem.

  6. Dan Weber Says:

    Never mind, it was my browser interfering. I was kind of surprised that someone would fix the USPTO website on a Friday evening.

  7. swc|666 Says:


  8. Tom T. Says:

    I’ve XSSed the patent office web site, stolen your patent, and patented the “blog”. I look forward to your payments, along with millions of others.

    It will be a nice addition to the income from my patent on CSS.

  9. infinity Says:

    United States Patent 7,475,086 assigned to IBM:

    Method of automatically removing leading and trailing space characters from data being entered into a database system.

  10. Sniper Says:

    btw guys i found multiple “live” xss and sqli vulnerabilities of servers posted at pinoysecurity

  11. Jawdy Says:

    RSnake, you’re my hero.

  12. dew|frost Says:

    Sir, you are truly a genius.

    Also, did somebody already file to patent SQL injection? If not it’s a gap to be filled.

  13. Lysogen Says:

    OMG LOLZ, RSnake- uber epic.

  14. anon Says:

    next time please put a warning it’s an actual XSS attempt against a gov site (I’d expect things like this wouldn’t be posted on the front page of this site, bad assumption i suppose).

  15. Wornstrom Says:

    The URL, shown in the status bar on hover, is a pretty good warning.

  16. Dan Says:

    Wow “anon” - you might be on to something here!

    Maybe we shouldn’t randomly click on URLs on a web site called “”.

    Just a thought…

  17. digi7al64 Says:

    I’ve got dibs on ‘prototype’ :p I’m gunna patent/copyright it and sue everyone for infringement…. oh and btw, since I posted this on blog, the world must recognise my claim! muhahahahahahaha!!!!11!!1

  18. Nilesh Says:

    Good One …Rsnake! :D

  19. Johannes Says:


  20. syed shah Says:

    I see you are hacking away at the google chat module. Don’t kill me please.

  21. Asdf Qwerty Says:

    Nice find, i laughed.

    here’s another (2 actually)

  22. seoci Says:


    It wasn’t just a link on a web site called, it was a link labeled “XSS”

    If that’s not a warning, I don’t know what is.

  23. Jason Says:

    The forever-alpha Firekeeper add-on for Firefox caught the XSS attempt by telling me that the GET request looked suspiciously like HTML and allowed me to block it.

  24. obelix6 Says:

    Reported to US-CERT… let’s see just how long it takes someone to fix it…

  25. Eric Says:

    @infinity - excellent discovery. I think it’s time to buy some IBM stock then, lots of people hate them whitespaces.

    I am sure someone has already patented something similar to social feeds, like a shoutbox, and will now probably sue Facebook… and to think our tax dollars go to pay experts to decide if it’s novel, original, and patentable.

  26. Kaze Says:

    You are a god, lolz, i wanna learn if I wasn’t so damn cluttered with the boring stuffs, wanhhhhhhhhhhhhhhh teach me teach me teach me, *Does not want to be E-Shanked so he stops* Well have a nice day then (n_n)

  27. avetis.kazarian Says:

    Ha Ha Ha !

    Just GREAT.

  28. ouch Says:

    Wow, hover over with mouse really works. Nice one Rsnake.

  29. austin Says:

    yeah i seen the xss in the status bar…but i had to click it…i had to see if it would work…and i literally lol’d at work….i’m still giggling….

    i haven’t facepalmed so hard since i learned the uscan at wal-mart runs on xp…

  30. Denis Says:

    Amusingly, it’s still not fixed.